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Amendments to the Specification 

Please replace t^iii^aragraph on Page 1, Knes 5 - JO with the foUowing marked-up replaceitjent 

paragraph: -. ■ 

- This application is related to the applications having serial numbers 0?/422,430 entitled 
uumbcn 0? / entitled "Selective Data Encryption Using Style Sheet Proee?sinR", 

09/422.492 entitled Proocaging", 09/ cntiti ed "Selective Data Encryption Using Style 

Sheet Processing for Decryption by a Client Proxy", an4 Q9/422.43 1 entitled and 09/ 



^ entitled "Selective Data Encryption Using Style Sheet Processitig for Decryption by a Key 

Recovery Agent", all assigned to the same assignee and filed concurrently herewith on October 
21. 1999. - , 



V 



Please replace the fw^graph that begins on Page 9, line 1 5 and carries over to Page 1 0, line 7 
with the following roarked-up teplaceiUMrt paragrsqjb: 



- rcmtmonlv-assiened U. S. Patent 



. (serial number 09/240387, filed 



01/29/1999), titled "Method, System, and Apparatus for Selecting Encryption Levels Based on 
Policy Profiling" suggests tagging data elements in Extensible Markup Language ("XML") 
documents with fieW-kvel or record-level security information. (^^ XML" io atrodemork of 
Moonachosetl u Im Ut utE of Tcchnologs^) By inspecting this security-level information and 
consulting directory entries concerning an individual's access prhrileges, a server responding to a 
document request suppresses any document elements for which the requester is tmauthorized, 
determines the encryption algorithm and key length required by the most restrictive remaining 
element (Le. the remaining element bavii^ the highest-level security requirements), and encrypts 
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a 



the entire resulting fftered document accordingly. This invention does not sotve the problem of 
encrypted documents with nraltiple authorized receivers and agents, each with a different 
need-to-know (ie. it does not restrict the ability to read certain fields of a document to certain 
individuals or groiqw). Nor does it address the problem of client devices with insufficient 
processing power to decrypt received documents. ~ 



Please replace^heparagraph on Pagp 10, lines 8 - 19 with the following marked-up replacement 

paragraph: . 

- Several solutions for distributing encrypted key tnatCTial along vvith the enc^^ 

document to which the key applies are known in the art. The SMIME industry standard deBned 
by the IETF is used in secure e-mail transmission, providing an encapsulation of digitally signed 
and encrypted objects, ff^^ SMTVfF. charter infermation that is available ftom the lEJE 
http://wiiyw-i c t f orE /h trol rhnrt m/im iiii " yhm^"" "■" ''^^"^ infonnation.'> The 

Lotus Notes® software uses a proprietary implementation for key distributi^ (See 
http://ww » v.lotus.oom on tho Web for mor fr information obout Lotua NoteO i- "Lotus Notes" is a 
registered tmdemaik of Lotus Development Corporation and/or IBM , and more information 
about Lotus Notes is available by contactinftJBM .) However, neither of these ejdsting 
approaches suggests that individual document fields be encaypted (and other fields not encrypted). 
Nor do they suggest having different authorized viewing communities, or using multiple and/or 
different encryption algorithms and/or kevs. for keys^fef different fields in a document that need 
diferent levels of security (nor is a capability for distributing multiple keys per document 
available). — 
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Please itp^ce the paragraph that begins on Page 29, Kne 20 and carries over to Page 30, line 5 

with the following marked-up r^lacenren t paragraph: . . 

- rnmmonlv-assiimed U. S. Prtea^ (ooriol Patent 6,585,778 fsei:ial number 

09/385,899, filed 08/30/1999), titled "Enforcing Data PoKcy Using Style Sheet Prpcesaixg", 
discloses a technique for controlling the content of a document using stored poKcy information. 
Ttas invention, referred to hereinafter as the "referenced invention", is incorporated herem by 
reference. The present invention defines an extension to the stored poticy objects defined in this 
referenced invention, whereby the stored policy objects forther comprise attributes specifying the 
efement visibility information described above. These extensions will be described in more detail 
with reference to Figs. 7A through 7C. - 



Please rep^the paragraph that begins on Page 30, line 6 and carries over to Page 31, line 2 
with tiie following marked-vp replacement par^^h: 



— The employee record example previously discussed win be used to ilbistrate the 
benefits as weU as the inqjleroentationofthe present invention. Suppose a con^any maintains a 
database (or other repository) of information about its enployees, and fiirther siqjpose that the 
stored record for each employee composes the employee's name, employee serial number, data of 
hireL, cumsnt salary, and any pertinent medical conditions. F^. 3 depicts an exan^le of a DTD 
300 ttet may be used to describe the data in the record for an enqjtoyee of this company. As is 
well known in the art, a DTD is a definitiODi of the structure of an XML document, and is encoded 
in a file which is inteaidcd to be processed, aloj^ with the file containing a particular XML 
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document, by an XML parser. The DTD telb the parser bow to interpret the docimient which 
vras created accordmg to that DTD. (Note that whiJe the present invention is described with 
reference to information specified in a DTD, the information may be specified in other 
semanticaUy equivalent forms. In particvdar, the schemas which are currently being standardized 
^ bytheWoTkiWideWebConsortiumOT^23C:maybeusediosteadofDTDs. Rcferto"XML 
Schema Port 1- Str-^*""-'-". ^ available fro m t he W3C for o mi b o f um id on the Internet of 
http:.Vw^>r.v.w3.on^Oa»lflohemn !/.fbrroore information. References herein to aDTD are to 
be mterpreted as applying equally to a schema.) This DTD 300 includes entries for ihe employee 
name ("empLname") 350, the employee serial number Cser_nhr") 360. ••date_of_hirc" 370, 
^rrr^ fcuff sa1arv"'> 380. and "u ui r.Qolary" 3 ^ 0, on ^ "medical.condition" 390. - 



Please replace thep^^raph that begin$ on Pagp 32, line 15 and carries over to Page 33, line 6 

with the followng marked-^> replacement paragraph: ^ . 

- Another poKcy used with the emptoyee record example is to limit access lo cmploircc'o 
to an employee's current salary to the employee himself, any managers of the company, and any 
employees within the company's human resources (HR) department. The URI for this poUcy has 
been given the entity name "erapljmgi"_br" 3 11 , and is specified 385 in the attribute list 
declaration for curr_salary 380. The stored poUcy object located at URI 312 will speciftr the 
encryption strength deemed to be appropriate for protecting this employee salary information 
from unautborizBd access. The community attribute in the policy object wflll preferably comprise 
three distinguished name vahies - one for the individual employee, one for the group oonq)rising 
all nanagere, and one for the group conqjrising all employees in the HR department 
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Please replace the paragraph that begins on Page 35, line 13 and cartks over to Page 36, line 17 

with the following marked-up repktoenient paragraph: 

- Skippinc frr r"-" *^ /^^^i^qfttt Fip. 4B fcomorisine Figs. 4B1 and 482") and 
proceeding to Fig. 4C fotvm prising Fip s. 4C1 and 4C2>. a representative example of a 
selectiveiy-encrypted document containing the information from source document 400 b shown at 
450. Using the policy and element visibility examples discussed with reference to Fig. 3, if the 
requesting user is the employee 402, this user will be able to recover (i.e. decrypt) the protected 
vataes of both curr^salary 408 and medical_conditiDn 410 from the encrypted fields 452, 454 
(where these fields 452, 454 contain values used for illustrative purposes only) of document 450 
wlich is transmitted in response to his request In addition* because selectively- encrypted 
documents are not custondzed for a particular requesting user according to the present invention, 
but rather carry suflBcient key distribution material to enable access by any authorized user, 
employee 402 will be able to recover the protected vahies 453, 455 from fields 452, 454 even if 
he was not the original requesta- of the encrypted document. Similarly, a user v/bo is a inanager 
in this company or who works in the HR department will be able to recover the value 453 of 
encrypted field 452 if he receives document 450, because these users are within the authorized 
community for corresponding document elemoit 408, and a user in the medical department will be 
able to recover the value 455 of encrypted field 454. If a user who is not a manager, is not the 
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individiial employee, and does tiot work in either the HR or medical department receives 
encrypted document 450, this user vrill only be aWe to view the values of imrestricted document 
elements 402, 404, and 406, even though the values of the curr_salaiy and medical_condilion 
elements are contained yatWn this leer's copy of the doa^ The manner in which an 
augmented style sheet processor applies the data policy and visibility rules to yield these results 
according to the present invention will be discussed below. (Style sheet processing may perform 
additional changes to source document 400 in the process of generating an encrypted document, 
such as formatting the eit5>loyee lecord information into a predetennined layout or performing 
target-specific transformations unrelated to data poUcy and element visMity, using techniques 
which are known in the SFtrWid art and do not form part of the present invention.) - 



(X 



Please repl^'the paragraph on Page 40, lines 1 - 3 with the following marked-up replacement 



- Key class otgects 530 corresponding to each preprocessing key class object 520 are 
built during the post processing phase, and inserted by the post processing phase into the DOM 
root of the document which has been encrypted using these key class objects, fgee reference 
nimihers461.46 2ofFie. 4C.) - 



(X 



Please replace ft^^iragraph that begins on Page 40, line 4 and carries over to Page 41, line 3 
with the following marked-up replacement par^rs^h: 

- A key object 535, 536, ... 539 wiD exist in a particular key class olgect 530 for each 
coromunity member within the key class 531. Recall Aat a key object 500 or 5 1 0 is created for 
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each DN 501, and that each such key object includes an enciypted symmetric key 503. Thus, a 
key class object 530 for a key class 53 1 having 3 conrnaunity members will inchide 3 key objects 
535, 536, 539, and therefore wili have 3 difFereot enciypted symmetric key values 503 (that is, a 
difEerent symmetric key value for each community For the employee record exampk 

where the individual employee, managers, and HR department employees conqwise the 3 members 
of the authorized community for viewing curr«rt salary information, key class olgect 530 will 
mchide key objects vwth distinct encrypted keys 503 for each of these members. These 3 different 
symmetric key vahies are created from the single unencrypted key value 523 stored in the 
preprocessing key object 520. The public key 505 from the key object for each community 
^ member is used to generate the diflferent symmetric key values. To decrypt the curr_salary 



information, the processing on behalf of a member of the managers group locates the managers 
key object among olyects 535, 536. 539 by comparing the managers group DN to DN values 501, 
retrieves the encrypted symmetric key value 503 from the appropriate key object, and decrypts 
this symmetric key using the private key for the managers group. This decrypted key canth«i be 
used to decrypt the curr_salary information. Similarly, when a member of the HR departmertt 
wishes to access the curr_salaiy, the DN for the HR gro\^ is compared to the DN values in 
otgects 535, 536, 539 to locate the key object for the HR group. The encrypted key value 503 is 
then retrieved ftnm that kev object, and decrypted with the HR group's private key. This 
decrypted svnanetric privatekey is then used the HR groi?) member to decrypt the curr_salary 
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Please replace the j&ragraph that begins on Page 53, line 3 and carries over to Page 54. line 5 

with the following marked-up replacement paragra pt>: ^ 

- Hie processing of Fig. 7B begins upon completion of the processing of Fig. 7A. This 
processing may occur as part of the augmented XSL processor of the present invention, or may 
be performed by a transcoding proxy of the prior art (see the description of a transcoding proxy 
615 in 4e discussion of Fig. 6, above). Block 752 applies a style sheet rule to the source 
document 400. When the pattern of a style sheet rule matches an element of the source 
document. Block 754 asks whether this template calls the existing XSL value-of method. If not, 
processmg of the rule continues according to the prior art, and control transfers to Block 759. 
According to the present mvention, the vahie-of method is preferably invoked for each element in 
the source document, in order to apply selective encryption to each element as needed. This may 
be acconqilished by applying a style sheet that copies all injiut vahies to an output document being 
generated When the vakw-of method is invoked by the template rule. Block 756 retrieves (i.e. 
obtains a pointer or reference to) the previously-instantiated data policy object for the data 
element which has matched the template rule. The overriding value-of method of this data poUcy 
object is executed al Block 758, performing any appropriate transformations that have been coded 
within tWs method. According to the present invention, the code of the overridden value-of 
method is written to detennine whether the pohcy object specifies that the data element is to be 
encrypted (as described above with reference to Block 715). and if so, to insert encryption 
markup tags around the element. The encryption markup tags preferabfy use a syntax such as 
"-TrmniTFtMlatn nlrrn - "n""^---^ as "<tencrvpt:d flta class = "n">" and "</encrypt:data>" (as 
illustrated in Fig. 4B at 422 and 424), where the value of "n" is set to the idcntifiCT of the key 
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class object that was associated with this poUcy object in Block 745 of Fig. 7A. This process of 
applying style sheet rales to mark up the source document 400 is repeated by iterating Blocks 752 
through 759 until the source document has been con^letely processed (i.e. until the test at Block 
759 has a positive result), after which the processing of Fig. 7B ends. - 



Plcsase replace the pahigraph on Page 54, lines 6-17 with the foUowing tnarked-up replacenient 

paragraph: , 

- Fig. 4B iUustrates an exainple of the result of coii5)letiDg the processing of Ffe. 7B 
upon source document 400. Note that the content 420 of Fig. 4B represents interim information 
which is created and used internally. The information is never exposed in this form. (See Fig. 4C 
for an illustration of the information that is exposed externally,) Markup tags 422 and 424 have 
been inserted to bracket the security-sensitive values of the curr__salary and medical^condition 
document elements. A first key cbiss is to be used for encryption of the curr^salaiy value, and a 
second key class is to be used for the raedk:al_condition value, as indicated in the markup tags at 
423 and 425, respectively. Fig. 4B forther illustrates the organization of these key class olgects. 
As shown at 430, key class "1 " has an associated algorithm (shown m the figure as tvpe="3DES"^ 
and key length f shown in the figure as leiF=" 168"1, and iDchides key objects 43 1, 432, 433 for the 
three members of the associated community. Key class "2" is similar, using a different algorithm 
and key length (see 440), mi specifying key objects 441, 442 for two community memibers. - 



Please replace the Mragr^h that begins on Page 54, line 1 8 and carries over to Page 55, line 5 
with the following marked-up replacement paragr^h: 
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„ Note that the "tempkey" elements 434, 444 of Fig. 4B depict examples of the 
unencrypted symmetric key 522 that win be used to c^ate a different encrypted symmetric key 
§3* key 503 (shown in Fig. 4B and 4C as the vahies of flig "Ekey" attribute) for each community 
member of the associated key class. Note also that the Keyldentifier values and these Ekey value 



vahies using "base 64" rules as known in the art, such that the result contains only printable 
chawctCTs that are allowed in the context of XML attribute values. - 



Please replace the pM^raph that begins on Page 57, line 12 and carries over to Page 58, Ime 4 

with the foBowi ng marked-up replacement paragraph: . 

- Block 780 encrypts the generated symmetric key 523 separately for each community 
member (that is, for each distinct DN within the community) aufeorized to view the associated 
document element. This is performed by accessing each key objoct 510 <M^ 50Q (as stored in 
field 535, 536, ... 539 of key class object 530) defined for the current preprocessing key class, and 
for each key object, (1) retrieving the public key 505 fi-om the X.509 certificate 502a, (2) using 



this public key 505 to emsrypt the symmetric key 523 using the encryption algorithm and key 



length stored at 532 and 533, respectively, and (3) storing the resulting encrypted key in field 503 
of the key object. This will result in one encrypted copy of the symmetric key per community 
member having a separate DN 501 and X.509 certificate 502a. (In other words, when a 
community member is a group representing multiple individuals, then one encrypted copy of the 
plaintext symmetric key 523 is generated for the entire group and is associated with the group's 
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DN.) To save space, the preferred embodiments then replace the X.509 certificate 502a with its 
corresponding Keyldentifier 502b f >»ich that fonnat 500 is replaced with foym 510) , which fe 
combination with the distinguished name 501 allows identification of the specific certificate which 
was used during encryption. 



Please replace the ^pf^aph on Page 58, lines 5 - 7 whh the following maiked-i^ replacement 
paragraph: 



- Block 785 then inserts the key class object 530 into the root of the DOM, as illustrated 
by the presence of key class objects 461 , 462 inthowhat mjf^ may be considered the root area 
460 of the output document 450 of F^. 4C. ~ 



Please replag^the paragraph on Pag© 59, Hnes 7-11 with the foUowing marked-up replacement 



paragraph: 



6 



While the selectively-encrypted document cxaqjple shown in Fig- 'IB dqwst a Fig^4C 
depicts the element tags as having beeti left imencrypted, it may happen in a particular situation 
that it is desirable to encrypt the tags themselves as well as the data value(s) enclosed by the tags. 
To accotxunodate this po^ihility, the associated poKcy object may be written such that it places 
the encryption tags (see 422, 424 of Fig, 4B) surrounding the element tags rather than 
Surrounding the element value. — 



Please replace ^e paragraph on Page 65, lines 10 - 21 with the foUowing marked-up replacement 
paragraph: 
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- Another prefix embodimeflt is defined for the situation where 
workstation has insufiSdent processing power to perform the decryption process of the present 
inventfon, or (2) it is desired to avoid program code changes on the client workstation. Thus, a 
cKent proxy performs the decyptwn process on behalf of the user (or on behalf of an appUcation 
executhig on the user's workstation). The togic with which this preferred embodiment may be 

trri in rtrrirtH inr^' « '^'T^^'^ ^" 9A and 9B. The user in this scenario 

uses a standard Web browser cUent appUcation (such as browser client 675 of Fig. 6) executing 
his workstation or a standard program client (such as program client 680), and requests a 
lectively-enciypted XML document fi»m a proxy (such as cUent proxy 655) acting on b?half of 
the browser cUent. ITiiough use of this client proxy 655, this preferred embodiment enables 
serving selectively- encrypted document content to browser cfients 675 or program cUents 680 
without requiring any program changes or addirional software operating on the client device. ~ 



on 

sel 



Please repJac«Jlfc paragraph that begins on Page 71, line 19 and carries over to Page 72. line 1 1 
with the following marked-up replacement paragraph: 



~ The process of decrypting an element on behalf of the client 675 begins at Block 948, 
where the proxy 665 expands the group membership of those DNs which represent groups in the 
key class of this element. Referring to the examine document in Fig. 4C, the processing of Block 
948 conprises locating the key class idoitifier 456 when processing eiicrypted element 452, then 
finding the DNs of groups 471, 473 from the key objects within die key class 461 having the 
identifier 153 (ooc identifier 456 face 463) whkih is located on the encrypted elemetit tag, and then 
determinnig the IIIembersh^) of these groups having common names "managers" 470 and "hr" 
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472. WhenanLDAPdkectoryisused&rstoringgroupmeinbersl^ 
described, determming the rtwmbership cott^rises issuing an LDAP command for each DN 
assigned to a group, where that command retrieves the DNs of the iadividyal members of the 
grov^). (As v«n be obvious, v*eii a data repository other than a directory is used for storing 
group inembership information, the retrieval command appropriate to that ttqpoatory is used.) 
Alternatively, a query can be performed in the fonn of 'Is this (fadividual DN) a member of this 
(group DN)?"- - 



Please replac^e paragraph that begins on Pagp 82, line 13 and cffl^^ 

with the foUowing marfced-up replacement par^raph: , ._ 

~~ - Returmng now to Fig. lOA, Block 1 024 resumes the user's processing, after the clerk 

processing of Fig. 1 OC has completed, by receiving the key objects £Le. within key clags objects j 
whkh wem passed. Optionally, the certificate which was passed (or its key identifier) may also be 
returned so that the requester can easily locate the conresponding private key on its local key ring 
or chain (©iven that a requester may hawe more than one certificate and private key). If the 

returned information was digitaUy signed by the clerk, the user first verifies the digital signature to 
ensure that the information was not created by an hnpostor and has not been altered. Gf the 
session between the user and clerk is a mutually-authentjcated secure session, then the signing by 
the cleik, and verification by the user, is i»t required.) The user then decrypts the symmetric key 
fiom each key class olgect returned ftom a group clerk (Block 1026) using the user's private key. 
(Or, if the keys are returned unencrypted on a mutually-authenticated secure session, ttiis 
decryption in Block 1026 is not required: these unencrypted keys will be used directly for 
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deciypting elements of the associated key classes.) The user wfll now be able to decrypt the 



0^ elements for that key class, as wltbe will now be described with reference to Fig. 1 OB. 
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